Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp1726797imm; Thu, 14 Jun 2018 02:53:36 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIBZYoJJvZa0rweFBVHQ9CEYUxYmXCWNTxrxHIoAVjhypUeCR89Tu09R+KKAhEvU9yLv7xK X-Received: by 2002:a65:4bcd:: with SMTP id p13-v6mr1720588pgr.114.1528970016745; Thu, 14 Jun 2018 02:53:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528970016; cv=none; d=google.com; s=arc-20160816; b=LplbyRwprmHdwzmLDetnwqz2YtJRH1UJ7+wQmJjVT3eIT+PkNXDRW/2INxiyCCG5ue dxFrU0lejHLNoFalV3DndXFSOrcoPWawbdHz5813s+faeo0HXglqGQ3q63mAoG/9IDPL 9+KTVrB5bMK75tzWw5JCxeYvjKNCtMp4itpi0H4FvUV53+vt+kiUQq7fi9uryx7roeGW OtW7ATWMkwRw83cOYDz9ANJKFcPZs/vjq1APCETazBNqmlYSQNa0d3LTia+YluNHt8Tl BZ1YuY3bPch21ugMWQpPVF8JRA+fzLGT72KIPtsWP2h9HvbGfyjUfbXXagsp2VFUXBR4 ty4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=iHiSocq9tpG2+Oy7wFE6Ij0ybsVAlr2RgPYW9cqU1Cg=; b=J66Goj+5ShtJ6GIKAMykZ009jRux/IXB7flkhpKp3x6Y5UJJoJxqjYO3tiKGF0i4H+ Zuk5uKbjhjWfwUmIZvTVeTOr9d7Ob6i8rfX/wyQKLte98E9wFGaLaF0BEdsakax3sx04 jnhdtlbRzVYYr8vsE96/VN9qxrtgC1XMRt1Q1vfgqQoyhW23ClCdY0LQArtpjpAb0nj/ HI3eGbxuPfWyNwFQcmFnKIkthCPAMt9VfSXK8Vbz7gftocqZoTLGUolt3p/3uinbJJHy Ixt1ipIz4w4mVyWPbe4ZpoATOu20Du0odk7fW9odgt9bx/xxQhcegBZ+nkhVBwvkFHip XiFQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t10-v6si4963111plh.306.2018.06.14.02.53.22; Thu, 14 Jun 2018 02:53:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754875AbeFNJw4 (ORCPT + 99 others); Thu, 14 Jun 2018 05:52:56 -0400 Received: from smtp-rs2-vallila1.fe.helsinki.fi ([128.214.173.73]:60026 "EHLO smtp-rs2-vallila1.fe.helsinki.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754665AbeFNJwz (ORCPT ); Thu, 14 Jun 2018 05:52:55 -0400 X-Greylist: delayed 4205 seconds by postgrey-1.27 at vger.kernel.org; Thu, 14 Jun 2018 05:52:54 EDT Received: from whs-18.cs.helsinki.fi (whs-18.cs.helsinki.fi [128.214.166.46]) by smtp-rs2.it.helsinki.fi (8.14.7/8.14.7) with ESMTP id w5E8ghiP002152; Thu, 14 Jun 2018 11:42:43 +0300 Received: by whs-18.cs.helsinki.fi (Postfix, from userid 1070048) id B018C3601A6; Thu, 14 Jun 2018 11:42:43 +0300 (EEST) Received: from localhost (localhost [127.0.0.1]) by whs-18.cs.helsinki.fi (Postfix) with ESMTP id A7E68360080; Thu, 14 Jun 2018 11:42:43 +0300 (EEST) Date: Thu, 14 Jun 2018 11:42:43 +0300 (EEST) From: =?ISO-8859-15?Q?Ilpo_J=E4rvinen?= X-X-Sender: ijjarvin@whs-18.cs.helsinki.fi To: Yuchung Cheng cc: Michal Kubecek , netdev , Eric Dumazet , LKML Subject: Re: [RFC PATCH RESEND] tcp: avoid F-RTO if SACK and timestamps are disabled In-Reply-To: Message-ID: References: <20180613164802.99B89A09E2@unicorn.suse.cz> <20180613165543.0F92DA09E2@unicorn.suse.cz> User-Agent: Alpine 2.20 (DEB 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 13 Jun 2018, Yuchung Cheng wrote: > On Wed, Jun 13, 2018 at 9:55 AM, Michal Kubecek wrote: > > > > When F-RTO algorithm (RFC 5682) is used on connection without both SACK and > > timestamps (either because of (mis)configuration or because the other > > endpoint does not advertise them), specific pattern loss can make RTO grow > > exponentially until the sender is only able to send one packet per two > > minutes (TCP_RTO_MAX). > > > > One way to reproduce is to > > > > - make sure the connection uses neither SACK nor timestamps > > - let tp->reorder grow enough so that lost packets are retransmitted > > after RTO (rather than when high_seq - snd_una > reorder * MSS) > > - let the data flow stabilize > > - drop multiple sender packets in "every second" pattern Hmm? What is deterministically dropping every second packet for a particular flow that has RTOs in between? Years back I was privately contacted by somebody from a middlebox vendor for a case with very similar exponentially growing RTO due to the FRTO heuristic. It turned out that they didn't want to send dupacks for out-of-order packets because they wanted to keep the TCP side of their deep packet inspection middlebox primitive. He claimed that the middlebox doesn't need to send dupacks because there could be such a TCP implementation that too doesn't do them either (not that he had anything to point to besides their middlebox ;-)), which according to him was not required because of his intepretation of RFC793 (IIRC). ...Nevermind anything that has occurred since that era. ...Back then, I also envisioned in that mail exchange with him that a middlebox could break FRTO by always forcing a drop on the key packet FRTO depends on. Ironically, that is exactly what is required to trigger this issue? Sure, every a heuristic can be fooled if a deterministic (or crafted) pattern is introduced to defeat that particular heuristic. ...But I'd prefer that networks "dropping every second packet" of a flow to be fixed rather than FRTO? In addition, one could even argue that the sender is sending whole the time with lower and lower rate (given the exponentially increasing RTO) and still gets losses, so that a further rate reduction would be the correct action. ...But take this intuitive reasoning with some grain of salt (that is, I can see reasons myself to disagree with it :-)). > > - either there is no new data to send or acks received in response to new > > data are also window updates (i.e. not dupacks by definition) Can you explain what exactly do you mean with this "no new data to send" condition here as F-RTO is/should not be used if there's no new data to send?!? ...Or, why is the receiver going against SHOULD in RFC5681: "A TCP receiver SHOULD send an immediate duplicate ACK when an out- of-order segment arrives." ? ...And yes, I know there's this very issue with window updates masking duplicate ACKs in Linux TCP receiver but I was met with some skepticism on whether fixing it is worth it or not. > > In this scenario, the sender keeps cycling between retransmitting first > > lost packet (step 1 of RFC 5682), sending new data by (2b) and timing out > > again. In this loop, the sender only gets > > > > (a) acks for retransmitted segments (possibly together with old ones) > > (b) window updates > > > > Without timestamps, neither can be used for RTT estimator and without SACK, > > we have no newly sacked segments to estimate RTT either. Therefore each > > timeout doubles RTO and without usable RTT samples so that there is nothing > > to counter the exponential growth. > > > > While disabling both SACK and timestamps doesn't make any sense, the > > resulting behaviour is so pathological that it deserves an improvement. > > (Also, both can be disabled on the other side.) Avoid F-RTO algorithm in > > case both SACK and timestamps are disabled so that the sender falls back to > > traditional slow start retransmission. > > > > Signed-off-by: Michal Kubecek > Acked-by: Yuchung Cheng > > Thanks for the patch (and packedrill test)! I would encourage > submitting an errata to F-RTO RFC about this case. Unless there's a convincing explination how such a drop pattern would occur in real world except due to serious brokeness/misconfiguration on network side (that should not be there), I'm not that sure it's exactly what erratas are meant for. -- i.